Lime CRM Knowledge Base

Version 12.4.0.40

Released March 4, 2016.

New features

  • Add info log when the database timestamp is updated. (PRO-825)
  • Click-to-call in object views (PRO-744)
  • Load more todo tasks (PRO-712)
    Possible to load more to-dos in dashboard and related view
  • Load more activities (PRO-602)
    Possible to load more than 15 activities in activity feed
  • limefu improvements (PRO-131)

Bug fixes

  • Memory leak in web server (PRO-828)
  • Ensure no flicker until breakpoints are in effect (PRO-793)
  • Improve import error handling for files with non-unique column headers (PRO-760)
  • Search in option query fields did not work (PRO-759)
  • “index out of range” error shown when importing certain files (PRO-755)
  • Content disappears in detail-view on iPhone (PRO-739)
  • A new database connection is created for every request to the web server (PRO-736)
  • Related objects list does not always show items (PRO-734)
    Fixes issue where lists of related objects could not load content after main object had been saved
  • Import job summary does not limit number of jobs displayed (PRO-695)

Version 12.6.0.27

Released April 8, 2016.

New features

  • limefu view generation adds fields according to database field order (PRO-956)
    Easier way of administrating the views in the webclient
  • Upload and download documents (PRO-866)
    Make it possible to download and upload single files on cards with file fields

Bug fixes

  • Internal server error when attempting to view import error details and import file does not exist (PRO-1127)
  • Storing documents not always possible due to out of memory errors (PRO-1067)
  • Handle any filename when uploading files (PRO-1044)
    Allow all valid file name characters when uploading and downloading files via the file api.
  • Related object badge may interfere with dropdown menus (PRO-992)

Version 12.6.0.28

Released April 8, 2016.

New features

  • Download documents from related document object (PRO-1020)
  • limefu view generation adds fields according to database field order (PRO-956)
    Easier way of administrating the views in the webclient
  • Upload and download documents (PRO-866)
    Make it possible to download and upload single files on cards with file fields
  • Improve installer help texts (PRO-862)
  • Allow use of Yes/No fields as key (PRO-830)
  • Object picker improvements (PRO-747)

Bug fixes

  • Internal server error when attempting to view import error details and import file does not exist (PRO-1127)
  • Storing documents not always possible due to out of memory errors (PRO-1067)
  • Handle any filename when uploading files (PRO-1044)
    Allow all valid file name characters when uploading and downloading files via the file api.
  • Related object badge may interfere with dropdown menus (PRO-992)
  • IE/Edge reports installation package “invalid or corrupt” (PRO-893)
  • Do not log multiple changes of database timestamp within the same second (PRO-858)

Version 12.7.2.76

Released May 11, 2016.

New features

  • Minor UI improvements (PRO-1095)
  • Description for object in chip now allows use of “description” label (PRO-1072)
    Fields with label “Description” are shown in badge for related object
  • limefu database list now shows extended migration status (PRO-842)
    limefu database list now lists a column status describing the state of each application listed
  • Show recently visited objects before searching (PRO-786)
    Recently visited objects are shown in the search list, which simplifies work in Lime CRM

Bug fixes

  • Memory leak in web server relating to desktop client login (PRO-1204)
  • Not possible to remove relations (PRO-1146)
  • “limefu database list” does not list correct status when sqlhost is something other than localhost. (PRO-1132)
  • Internal server error when attempting to view import error details and import file does not exist (PRO-1127)
  • Creating new record fails if only relation fields were modified before save (PRO-1114)
    Fixes an issue where creating new records fails if only relation fields were modified
  • Saving a user with an invalid but not modified SID may cause LISA error messages (PRO-1111)
  • lsp_recreatetable cannot create check constraints for required option fields (PRO-1102)
  • Search input focus on small device (PRO-1101)
    When the main search field is opened on a small screen, it now gets focused so the user can start typing immediately
  • File headers are not correctly encoded when downloading file (PRO-1074)
  • Database cleanup system task may cause datastructure cache to become invalidated (PRO-989)

Version 12.9.0.95

Released June 8, 2016.

New features

  • Web Client available in Danish, Finnish and Norwegian bokmål (PRO-1197)
    Web client now available in Danish, Norwegian and Finnish.
  • Creating document through plus-sign and browsing for file (PRO-1142)
    It is possible to upload a file easily by browsing for the file when creating a new document.
  • Create new documents via “related” using drag and drop (PRO-1141)
    Documents can now be created through drag and drop to related objects
  • Button to delete search text when not on search page (PRO-1105)
  • Improved notifications on save where mandatory fields are missing (PRO-1100)
  • Percentage-control (steps) (PRO-783)
    As a user I can easily select a value for a percentage-field through sliding the control
  • Show saved documents in related object list (PRO-673)
    Documents in related object list are nicely formatted, showing file type, size and document type. You can download the document directly from the list.

Improvements

  • Upgrade embedded Python to 3.4.4 (PRO-1211)
  • Store application specific configuration in database (PRO-1206)
    Views and configuration for the web client are now stored in the database instead of in files
  • Severe input lag in lime-textarea on “creating new activities” (PRO-1205)
    User gets faster response when writing activity note
  • Support more than 255 applications per server (PRO-1154)
  • Notifications when saving without all required information shown in wrong location (PRO-1145)
    Notifications are shown in the right context when saving object without all required fields
  • Installation integrity check does not take entire code base into consideration (PRO-1094)
  • Clicking on related object in activity feed should display object in related object view (PRO-762)
    As a user I can easily access more information about a related object without having to leave the activity feed.

Bug fixes

  • Internal error is raised when a nonexisting limetype is queried in the api (PRO-1281)
  • Requests doing multiple database queries sometimes fail (PRO-1247)
  • iOS: text inputs on card don't render content immediately while writing (PRO-1232)
  • Text disappears when searching for related object and pressing space when writing (PRO-1229)
    When searching for related objects, the search field is no longer reset when pressing the space-key
  • Memory leak in web server relating to desktop client login (PRO-1204)
    The web server is no longer leaking memory when desktop clients do not log out.
  • Cannot run text import if translations have special characters (PRO-1200)
    Webclient and Import can now handle doublequote (“) characters at the end of field and option names
  • Starting an import while another is still running in the same database (and same user?) fails the first (PRO-1182)
    Multiple import jobs started by the same user will now be queued up and not run simultaneously.
  • Search in webclient should handle special characters (PRO-710)
    It is now possible to search for objects containing special characters in Lime CRM

Version 12.9.1.14

Released July 14, 2016.

Improvements

  • Text file import should support percent style decimal fields (PRO-1329)
    Now possible to import to percentage-fields

Bug fixes

  • User cannot save documents (PRO-1341)
    Makes it possible to save documents without having the API-feature switched on
  • New database IDs sometimes make it impossible to log into maggie (PRO-1338)

Version 12.9.2.8

Released August 26, 2016.

Improvements

  • Installer starts services at the end of an installation (PRO-1437)
    The Lime CRM installer now waits to start each installed service until the end of the installation. If a service cannot start, the other services will still be installed.

Security update for Lime CRM Server

Bulletin ID: LCSEC18-01
Date published: 2018-07-05
Priority: 2
Severity: Critical

Priority and severity ratings are determined as described here.

Summary

This security update resolves a vulnerability in Lime CRM Server. The vulnerability could allow remote code execution in Lime CRM Server if an attacker alters the system configuration in a malicious way. However, an attacker would need access to a user account with administrator privileges in order to exploit the vulnerability.

Affected versions

Product          Version            Platform
Lime CRM Server  12.25 - 12.41.1.5  All platforms

Solution

Lime categorizes this update with the following priority rating and recommends that customers either install the provided hotfix or update their installation to the newest version:

Product          Type                             Updated version  Priority rating  Availability
Lime CRM Server  Hotfix for any affected version  -                2                Download
Lime CRM Server  Product release                  12.41.2.5        2                Download

Vulnerability information

Detailed summary

A remote code execution vulnerability exists in Lime CRM Server software when the software fails to properly validate configuration data input by users with administrator privileges. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the user running the Lime CRM Web Server service. If that user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Mitigating factors

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in this situation:

  • Installations that run the Lime CRM Web Server service under an account configured with fewer user rights on the system could be less impacted than those that run it as a user with full administrative rights.

Workarounds

Workaround refers to a setting or configuration change that would help block known attack vectors before you apply the update.

  • Update firewall/proxy rules to deny HTTP requests using the PUT verb for the following endpoints:
    https://lime.example.com/<appname>/api/v1/activitytype/
    https://lime.example.com/<appname>/widgets/widget-salespipe/config
    https://lime.example.com/<appname>/webclient/add/config
    

The impact of this workaround is that it will not be possible to update Lime CRM Web Client configuration until rules are disabled or removed.
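
A log audit for the workaround above, added here as an example and not part of the Lime bulletin: it scans proxy access logs for PUT requests to the three listed endpoints and reports whether each was denied or served. It assumes Combined Log Format, that the proxy answers denied requests with 403 or 405, and that the rule covers everything beneath each endpoint; the function names and sample lines are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# The three endpoints named in the workaround; <appname> is one path segment.
ENDPOINTS = ("api/v1/activitytype", "widgets/widget-salespipe/config",
             "webclient/add/config")
# Assumption: the rule covers each endpoint and anything beneath it.
# Case-insensitive so the audit over-matches rather than under-matches.
BLOCKED = re.compile(
    r"^/[^/]+/(?:%s)(?:/|$)" % "|".join(re.escape(e) for e in ENDPOINTS), re.I)

# Combined Log Format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def is_blocked(method, target):
    """True if the workaround's deny rule should apply to this request."""
    if method != "PUT":
        return False
    # Match on the decoded path, without the query string.
    path = re.sub(r"/{2,}", "/", unquote(urlsplit(target).path))
    return BLOCKED.match(path) is not None

def audit(lines):
    """Return (time, user, target, status, verdict) for each covered PUT."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_blocked(m["method"], m["target"]):
            continue
        status = int(m["status"])
        if status in (403, 405):      # assumed deny responses from the proxy
            verdict = "denied"
        elif 200 <= status < 300:     # served: the configuration was updated
            verdict = "applied"
        else:
            verdict = "review"
        findings.append((m["time"], m["user"], m["target"], status, verdict))
    return findings

# Constructed sample log lines (not taken from a real system).
SAMPLE = [
    '198.51.100.7 - admin1 [05/Jul/2018:09:12:01 +0000] "PUT /crm/webclient/add/config HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - admin1 [05/Jul/2018:09:15:44 +0000] "PUT /crm/api/v1/activitytype/3 HTTP/1.1" 403 0 "-" "-"',
    '203.0.113.9 - user2 [05/Jul/2018:09:16:02 +0000] "GET /crm/widgets/widget-salespipe/config HTTP/1.1" 200 840 "-" "-"',
    '203.0.113.9 - user2 [05/Jul/2018:09:17:30 +0000] "PUT /crm/widgets/widget-salespipe/config?x=1 HTTP/1.1" 500 0 "-" "-"',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An "applied" verdict dated after the rule was deployed means the rule is not in the request path; one dated before it identifies a configuration change worth reviewing.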